EH-Net

May 19, 2013, 06:44:36 AM

Show Posts

182

EH-Net / Ethical Hacktivism / Re: Westboro Baptist vs. Anonymous

on: March 04, 2011, 09:47:22 AM

No one has mentioned the live hack yet. http://www.youtube.com/watch?v=OZJwSjor4hM It's toward the end. Anyway, Anonymous has said they have not been attacking their site as they believe in free speech. Free speech is like the old Bible verse "If you love those who love you, what credit is that to you? Even 'sinners' love those who love them". The true test of free speech is allowing and defending speech you find repugnant. I doubt whether this Jester guy is actually part of Anonymous. He seems like someone out to make a name for himself in public instead of being recognized by his peers as an expert. It is also apparent that it was the taunting by Westboro that caused the live hack. They have followed the same route as HBGary or as Stephen Colbert put it "Now to put that in hacker terms, Anonymous is a hornet's nest and Barr said 'I'm going to stick my p***s in that thing'".

183

Ethical Hacking Discussions and Related Certifications / Malware / Re: New Version of DNS-Changing Malware Detected

on: March 03, 2011, 06:16:53 PM

I was going to send this in as a resource but the topic of rogue DHCP servers hits close to home. In addition to this type of malware, a frequent problem at university housing is students bringing in wireless routers and connecting them to the LAN incorrectly, causing their new wireless router to start handing out IP addresses via DHCP. A solution we have found is using dhcdrop. It's in the net-mgmt ports for FreeBSD. What it does is send out DHCP discover packets. If it gets a response from a server that is not legitimate then it sucks up all the address space the rogue router will hand out, rendering it harmless to other users.
Good times.....
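
The detection half of what the post above describes, as an added example that is not part of the original post and not dhcdrop's own code: it parses DHCP server replies and flags any server identifier (option 54) that is not on an allowlist. The function names, addresses and sample packets are constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie (RFC 2131)
OFFER, ACK = 2, 5                      # option 53 values sent by servers

def parse_dhcp(payload):
    """Return (msg_type, server_id, yiaddr) from a DHCP UDP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    yiaddr = ipaddress.IPv4Address(payload[16:20])
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                # end option
            break
        if code == 0:                  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None                # truncated option
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    mtype, sid = opts.get(53, b""), opts.get(54, b"")
    if len(mtype) != 1 or len(sid) != 4:
        return None
    return mtype[0], ipaddress.IPv4Address(sid), yiaddr

def rogue_servers(payloads, authorized):
    """Map each non-allowlisted server identifier to the addresses it handed out."""
    allowed = {ipaddress.IPv4Address(a) for a in authorized}
    rogue = {}
    for p in payloads:
        parsed = parse_dhcp(p)
        if parsed and parsed[0] in (OFFER, ACK) and parsed[1] not in allowed:
            rogue.setdefault(str(parsed[1]), []).append(str(parsed[2]))
    return rogue

def build_reply(mtype, server, offered):
    """Build a minimal server reply; used only to construct the sample data."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)
    addrs = bytes(4) + ipaddress.IPv4Address(offered).packed + bytes(8)
    opts = bytes([53, 1, mtype, 54, 4]) + ipaddress.IPv4Address(server).packed + b"\xff"
    return hdr + addrs + bytes(16 + 64 + 128) + MAGIC + opts

SAMPLES = [build_reply(OFFER, "10.20.0.1", "10.20.5.17"),       # constructed: campus server
           build_reply(OFFER, "192.168.1.1", "192.168.1.100")]  # constructed: student router
```

In practice the payloads would come from a capture filtered to UDP source port 67, and the allowlist from the site's own DHCP server inventory.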

186

Ethical Hacking Discussions and Related Certifications / General Certification / Re: Need some guidance, newbie here!

on: March 03, 2011, 05:02:25 PM

Here's a slightly different perspective. A while back I was listening to an interview where the author was pointing out how education is not the be-all, end-all. His point was that it doesn't do any good to train a million workers to make widget A if there's no market for them. Jobs are created by demand. If everyone in the world wants a particular fancy cell phone, someone will start making that cell phone and the workers will be trained to do exactly that.
That perspective is a bit like the network industry. Each job will have its own set of software that the company uses, its own procedures & training requirements. So while you may not have the exact skill set required for the job, certs demonstrate an ability to learn & to show an acceptable level of proficiency.
So for me at least, I'll do whatever it takes to get the job as far as certs go. After you're hired is where the real learning begins.
That said, if you are lacking some cert they would require, offer to take it soon after being hired.

187

Ethical Hacking Discussions and Related Certifications / Malware / Re: How to set up Wireshark with machine-in-the-middle PC?

on: March 02, 2011, 07:39:20 AM

This thread is old but I've got to start somewhere and maybe this will help someone else.
"I need to know how to set up Wireshark so I can analyze the traffic between my Mac and my router."
As another commenter suggested, the way to go in your situation is to set up Wireshark on your machine and then choose the interface you want to capture traffic on. While it may be possible for malware to mess with Wireshark, it's highly unlikely as black hats are usually looking for a different type of user to abuse. As the saying goes, packets don't lie.
"What type of router/switch are we talking about?"
Most managed switches have port monitoring. A hub is another route but there are quite a few hubs out there that are actually switches. The proper way would be to buy an aggregating tap like netoptics.com. Personally, I use the small MikroTik RB750 as a tap. You can build a tap but it will only be half-duplex.
"I get a lot of black with red text..."
Always bad. The default color rules have some bad traffic labeled as black/red. You can always tell what a coloring rule is based on by looking at the bottom of the list in the frame section or clicking on the coloring rules button. If you see striping in a trace, it is almost always bad. The trace you provided isn't large enough to get a full picture of what is going on with your machine. Use the display filters to get a clearer picture. If you don't know how, get the Wireshark book or get the training at chappellu.com. I took her all-access course and it taught me quite a lot about the packet level and protocols. Wireshark is easy to use but packet tracing and deciphering what you see in front of you is an art form. It's easy to get lost with all that data but the packets will tell you absolutely what is going on, if you can figure it out. Packets don't lie. Packet 5 has a window size of 128 and you have essentially hit a zero window and will start dropping packets, hence the 2 out-of-order packets that follow it.